== Ask Yourself Whether

* Confidential information exists in URLs.  
* Semantic of HTTP methods is not respected (eg: use of a GET method instead of POST when the state of the application is changed). 

There is a risk if you answered yes to any of those questions.